p0f

Christian Rößner c at roessner-network-solutions.com
Wed Sep 14 09:35:07 CEST 2016


Hi :-)

> On 14.09.2016 at 09:30, Alessandro Briosi <ab1 at metalit.com> wrote:
> 
> On 13/09/2016 09:30, Christian Rößner wrote:
>>> On 12.09.2016 at 21:21, Benny Pedersen <me at junc.eu> wrote:
>>> 
>>> On 2016-09-12 10:37, Christian Rößner wrote:
>>> 
>>> 
>>>> /etc/local.d/p0f.start:
>>>> ----------------------------
>>>> #!/bin/bash
>>>> cd /tmp
>>>> p0f -i eth0 -u p0f -o /var/log/p0f.log "tcp dst port 25 and (dst host
>>>> 134.255.226.247 or dst host 2a05:bec0::134:255:226:247)" 2>&1 |
>>>> p0f-analyzer.pl 50000 &
>>>> exit 0
>>>> ----------------------------
>>>> Sending a test mail, the log shows that p0f was called from amavisd-new.
>>>> Any other ideas, please :-)
>>>> 
>>> you imho proved p0f works and next would be why p0f-analyzer does not work with installed p0f version 2.0.0-r2 ?
>>> 
>>> try see if unstable p0f version in gentoo works, what version is amavisd tested with ?
>>> 
>>> 
>>>> Thanks in advance
>>>> 
>>> thanks for using gentoo and sharing ebuilds
>>> 
>> ;-) (NB: Are you a Gentoo-dev?)
>> 
>> I already use the latest amavisd-new and p0f on my MX :-)
>> 
>> Thanks
>> 
>> Christian
>> 
> 
> Hello,
> this might not be the case, but for postfix / amavis / p0f this option should be enabled in postfix
> 
> lmtp_send_xforward_command
> Enabling lmtp_send_xforward_command configures the Postfix lmtp-client to forward the original client's HELO name and IP address to amavisd-new. amavisd-new in turn can use this information for
> 
> 	• logging and notifications (macro %a)
> 
> 	• switching policy banks (MYNETS, @mynetworks_maps)
> 
> 	• pen pals functionality
> 
> 	• p0f fingerprinting
> 
> 
> 
> Maybe your setup needs something like this.

This would be the case, if I used content_filter or smtpd_proxy_filter. As I use smtpd_milters for this task, it does not depend on X-FORWARD.

By the way: I just turned off amavisd completely and see how well rmilter/rspamd can replace all tasks ;-)

Christian
-- 
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, https://www.roessner-network-solutions.com
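
The following Python check is an added example, not part of the original thread and not code from Postfix or amavisd-new. It reads main.cf and master.cf text and reports whether the original client address reaches the filter via XFORWARD (content_filter) or without it (smtpd_milters), the distinction made in the reply above. The function names, the service name "amavisfeed", the ports and the classic `-o name=value` master.cf syntax are assumptions; smtpd_proxy_filter is not covered.

```python
import re

def parse_main(text):
    """Parse main.cf / `postconf -n` style 'name = value' lines."""
    pairs = (re.match(r"\s*(\w+)\s*=\s*(.*?)\s*$", l) for l in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def parse_master(text):
    """Map service name -> (command, {-o overrides}); indented lines continue it."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        words = line.split()
        if not line[0].isspace():                # new service entry: 8 fixed fields
            if len(words) < 8:
                current = None
                continue
            current, words = words[0], words[7:]
            services[current] = (words[0], {})
        if current is None:
            continue
        for flag, arg in zip(words, words[1:]):  # collect "-o name=value" pairs
            if flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                services[current][1][name] = value
    return services

def client_info_path(main_cf, master_cf):
    """Report how the filter learns the client IP that p0f is queried for."""
    main, services = parse_main(main_cf), parse_master(master_cf)
    if main.get("content_filter"):
        service = main["content_filter"].split(":", 1)[0]
        command = services.get(service, ("", {}))[0]
        if command not in ("lmtp", "smtp"):
            return "content_filter: transport not found"
        param = command + "_send_xforward_command"   # Postfix default is "no"
        value = services[service][1].get(param, main.get(param, "no"))
        return "content_filter: XFORWARD " + ("on" if value == "yes" else "off")
    if main.get("smtpd_milters"):
        return "milter: XFORWARD not used"
    return "no filter configured"

# Constructed sample configs (service name and ports are assumptions).
MASTER = "amavisfeed unix - - n - 2 lmtp\n  -o lmtp_send_xforward_command=yes\n"
FILTER_MAIN = "content_filter = amavisfeed:[127.0.0.1]:10024\n"
MILTER_MAIN = "smtpd_milters = inet:127.0.0.1:8899\n"
```

Feed it the output of `postconf -n` and the contents of master.cf; an "XFORWARD off" result means the filter only sees the local Postfix connection, so a p0f lookup for the sending host has nothing to match.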
